shell bypass 403

GrazzMean Shell

Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : view-user.php
 
			<?php $this->load->view('admin/sidebar.php');?>
		</div>
		<div class="content-right">
			<?php $this->load->view('admin/header.php');?>
			<div class="main-content">
				<div class="dash-block">
					<h5 class="border-bottom pb-3">View User 
<!--                                            <a href="<?=base_url('admin/add_user')?>"><button type="button" class="btn btn-success btn-sm m-2">Add User</button></a>
                                            <a href="<?=base_url('admin/view_user?dob='.date('d-m-Y'))?>"><button type="button" class="btn btn-success btn-sm m-2">DOB</button></a>-->
					<?php
                                        if($dob){
                                           ?>
                                             <a class="btn btn-info" href="<?=base_url('admin/dob_send_sms?dob='.$dob)?>"> Send to All</a>  
                                            <?php 
                                        }
                                        ?>
						<a class="btn btn-info float-right" href="<?=base_url('admin/user_export_csv')?>"> TO CSV</a>
					</h5>

					<div class="form-element mt-2">
						<table class="table table-bordered" id="example">
						<thead>	
							<tr>
								<th>SNo </th>
								<th>Name</th>
								<th>Mobile</th>
								<th>Email</th>
								<th>Date</th>
								<th>D.O.B.</th>
								<th>Status</th>
								<th>Action</th>
							</tr>
						</thead>
						<tbody>	
							<?php 
//                                                        echo $this->db->last_query();
							if(isset($user_res) && $user_res==true):
								$sno = 1;
								foreach($user_res as $row){ 
								$lin = base_url('admin/view_customer_order/'.$row->id);
									$lin1 = base_url('admin/view_customer_details/'.$row->id);
								?>
								<tr>
									<td><?=$sno++?></td>
									<td><a href="<?php echo $lin;?>"><?=$row->first_name.' '.$row->last_name?></a></td>
									<td><a href="<?php echo $lin;?>"><?=$row->mobile?></a></td>
									<td><a href="<?php echo $lin;?>"><?=$row->email?></a></td>
									<td><?=date('d-m-Y',strtotime($row->created))?></td>
									<td><?=date('d-m-Y',strtotime($row->birthdate))?></td>
									<td><?php
									if($row->status==0){?>
										 <div class="onoffswitch">
											<input type="checkbox" name="onoffswitch" class="onoffswitch-checkbox status" id="<?=$row->id?>">
											<label class="onoffswitch-label" for="<?=$row->id?>">
											<span class="onoffswitch-inner"></span>
											<span class="onoffswitch-switch"></span>
											</label>	
										</div>
										<?php
									} else {?> 
								 		<div class="onoffswitch">
											<input type="checkbox" name="onoffswitch" class="onoffswitch-checkbox status not-allowed" id="<?=$row->id?>" checked>
											<label class="onoffswitch-label check" for="<?=$row->id?>">
											<span class="onoffswitch-inner"></span>
											<span class="onoffswitch-switch"></span>
											</label>	
										</div>
								 	<?php 	
									 } ?>
								</td>
								<td>
                                                                    <?php
                                        if($dob){
                                           ?>
                                             <a class="btn btn-info" href="<?=base_url('admin/dob_send_sms?dob='.$dob."&uid=".$row->id)?>"> Send</a>  
                                            <?php 
                                        }
                                        ?>
                                        <a href="<?php echo $lin1;?>" class="btn btn-info btn-sm"><i class='fa fa-eye'></i></a>
									<!-- <a href="<=base_url('admin/add_user/'.base64_encode($row->id))?>"><button type="button" class="btn btn-primary btn-sm">Edit</button> --> 
									<a href="<?=base_url('admin/delete_user/'.base64_encode($row->id))?>" onclick="return confirm('Are you sure?')"><button type="button" class="btn btn-danger btn-sm">Trash</button></td>
								</tr>	
							<?php	
								}
							endif;
							?>
						</tbody>	
						</table>
						
					</div>
				</div>
			</div>
			<?php include'footer.php';?>
		</div>
	</div>
	<div class="modal fade reffer-user">
		<div class="modal-dialog modal-lg">
			<div class="modal-content">
				<div class="modal-header">
					<h5 class="modal-title">User Detail</h5>
					<button class="close" data-dismiss="modal">&times;</button>
				</div>
				<div class="modal-body">
					<div class="table-responsive">
					    <table class="table table-bordered" id="data">
					    	
					    </table>
					</div>
				</div>
			</div>
		</div>
	</div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script type="text/javascript" src="<?=base_url('admin_assets/js/bootstrap.min.js')?>"></script>
<script type="text/javascript" src="<?=base_url('admin_assets/js/select2.min.js')?>"></script>
<script type="text/javascript" src="<?=base_url('admin_assets/js/custom.js')?>"></script>
<script src="<?=base_url('admin_assets/js/css3-animate-it.js')?>"></script>
<script type="text/javascript" src="https://cdn.datatables.net/1.10.19/js/jquery.dataTables.min.js"></script>
<script type="text/javascript" src="https://cdn.datatables.net/1.10.19/js/dataTables.bootstrap4.min.js"></script>
<script src="<?=base_url('admin_assets/js/tableHTMLExport.js')?>"></script>
<script type="text/javascript">
	$(document).ready(function () {
	  	$('#example').DataTable();
	});
	
</script>
<script type="text/javascript">
$(".status").change(function() {
	var con = confirm("Are you sure you want to Activate..");
	var isChecked=$(this).prop("checked");
	var user_id=$(this).attr("id");
	if(isChecked){
		$.ajax({
		url:"user_status_changer",
		method:"post",
		data:{"user_id_for_status":user_id,"status":1},
		success: function(res){//for response
//			alert("True");
			}
		});
	}else{
		$.ajax({
		url:"user_status_changer",
		method:"post",
		data:{"user_id_for_status":user_id,"status":0},
		success: function(res){//for response
//			alert("True");
			}
		});
	}	
});

$(".save_btn").click(function() {
	var con = confirm("Are you sure ");
	var user_id=$(this).attr("id");
	var package = $(this).closest("tr").find('select#package').val();
	if(con==true){
		$.ajax({
			url:"<?=base_url('admin/package_status_changer')?>",
			method:"post",
			data:{"user_id_for_package":user_id,"package":package},
			success: function(res){//for response
				if(res==1){
					alert("Sucess! Package Done");
					location.reload();
				}
				
			}
		});
	}else{
		alert("Internal Problmem");
		return false;
	}
});

$(".reffer_user").click(function(){
	var user_id=$(this).attr("id");
	if(user_id!=""){
		$.ajax({
			url:"<?=base_url('admin/reffer_user_ajax')?>",
			method:"post",
			data:{"user_id":user_id},
			success: function(res){//for response
				$("#data").html(res);
			}
		});
	}else{
		alert("Internal Problem");
		return false;
	}
	
	
})
</script>
</body>
</html>

© 2026 GrazzMean